Manage profile and risk dependencies using the GRC Workbench

SAVE AS PDF

Manage profile and risk dependencies using the GRC Workbench

The GRC Workbench utilizes CMBD information to show the upstream and downstream
relationships across all applications. These relationships enable consistent risk mapping and
modeling across the enterprise. The GRC Workbench does not work with Legacy GRC.

The GRC Manager [sn_grc.manager] uses the GRC Workbench to:

Create profile classes

Define the upstream/downstream relationships between profile classes. These relationships
make up the dependency model and they help ensure that risks are defined and evaluated
consistently across the enterprise.

Create profile types, create profiles, and classify profiles

Create relationships between profiles, which makes up the dependency map.

Note: The GRC Manager cannot view the GRC Workbench from Risk > GRC Workbench. The GRC Manager [sn_grc.manager] enters
/$grc_workbench.do after their instance name in the url to access the
GRC Workbench.

GRC managers create profile classes representing the types of things that will be part of the dependency model. Reports can be filtered to define relationships between the different profile classes. A profile class defines what a profile actually is. It differs from a profile type (for example, Business Services and Critical Business Services), in that a profile can belong to many profile types but a profile can have only one profile class (for example, Business Service).